From e67b88a76a154205de374193227b221268551e37 Mon Sep 17 00:00:00 2001
From: Romain Failliot <romain.failliot@foolstep.com>
Date: Fri, 16 Aug 2019 09:24:16 -0400
Subject: [PATCH 1/3] [docs] add docker-compose command line

---
 docs/installation/docker.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/installation/docker.rst b/docs/installation/docker.rst
index c901ed279..7bb912b81 100644
--- a/docs/installation/docker.rst
+++ b/docs/installation/docker.rst
@@ -150,6 +150,11 @@ Useful commands:
             ports:
               - "5000:80"
 
+    Then start the container:
+
+    .. code-block:: shell
+
+        docker-compose up -d
 
 .. _docker-multi-container:
 

From 1b8ca04a457852024968e6eb304b9ae760f2b938 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ciar=C3=A1n=20Ainsworth?= <ciaranainsworth@posteo.net>
Date: Mon, 19 Aug 2019 10:09:08 +0200
Subject: [PATCH 2/3] Added documentation and notes about S3 content headers

---
 changes/notes.rst                |  8 ++++++++
 deploy/docker.nginx.template     |  3 +++
 deploy/docker.proxy.template     |  4 ++++
 deploy/nginx.template            |  3 +++
 docs/admin/external-storages.rst | 25 +++++++++++++++++++++++++
 5 files changed, 43 insertions(+)

diff --git a/changes/notes.rst b/changes/notes.rst
index cae728e7d..0c69462e1 100644
--- a/changes/notes.rst
+++ b/changes/notes.rst
@@ -78,6 +78,14 @@ Content-Security-Policy and additional security headers [manual action suggested
 To improve the security and reduce the attack surface in case of a successfull exploit, we suggest
 you add the following Content-Security-Policy to your nginx configuration.
 
+..note::
+    
+    If you are using an S3-compatible store to serve music, you will need to specify the URL of your S3 store in the ``media-src`` and ``img-src`` headers
+
+    .. code-block::
+    
+        add_header Content-Security-Policy "...img-src 'self' https://<your-s3-URL> data:;...media-src https://<your-s3-URL> 'self' data:";
+
 **On non-docker setups**, in ``/etc/nginx/sites-available/funkwhale.conf``::
 
     server {
diff --git a/deploy/docker.nginx.template b/deploy/docker.nginx.template
index a69762c19..d3a7fc9a6 100644
--- a/deploy/docker.nginx.template
+++ b/deploy/docker.nginx.template
@@ -23,6 +23,9 @@ server {
 
     root /frontend;
 
+    # If you are using S3 to host your files, remember to add your S3 URL to the
+    # media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:)
+
     add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
     add_header Referrer-Policy "strict-origin-when-cross-origin";
 
diff --git a/deploy/docker.proxy.template b/deploy/docker.proxy.template
index 6b0a0405a..abeff4cec 100644
--- a/deploy/docker.proxy.template
+++ b/deploy/docker.proxy.template
@@ -30,6 +30,10 @@ server {
     add_header Strict-Transport-Security "max-age=31536000";
 
     # Security related headers
+
+    # If you are using S3 to host your files, remember to add your S3 URL to the
+    # media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:)
+
     add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
 
     # compression settings
diff --git a/deploy/nginx.template b/deploy/nginx.template
index 89d53ce2b..1dc6de6da 100644
--- a/deploy/nginx.template
+++ b/deploy/nginx.template
@@ -41,6 +41,9 @@ server {
     # HSTS
     add_header Strict-Transport-Security "max-age=31536000";
 
+    # If you are using S3 to host your files, remember to add your S3 URL to the
+    # media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:)
+
     add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
     add_header Referrer-Policy "strict-origin-when-cross-origin";
 
diff --git a/docs/admin/external-storages.rst b/docs/admin/external-storages.rst
index bd136df62..45fed68ab 100644
--- a/docs/admin/external-storages.rst
+++ b/docs/admin/external-storages.rst
@@ -45,6 +45,12 @@ Replace the ``location /_protected/media`` block with the following::
         proxy_pass $1;
     }
 
+Add your S3 store URL to the ``img-src`` and ``media-src`` headers
+
+.. code-block:: shell
+
+    add_header Content-Security-Policy "...img-src 'self' https://<your-s3-URL> data:;...media-src https://<your-s3-URL> 'self' data:";
+
 Then restart Funkwhale and nginx.
 
 From now on, media files will be stored on the S3 bucket you configured. If you already
@@ -141,3 +147,22 @@ in your ``funkwhale.template`` under the ``location ~/_protected/media/(.+)`` se
      proxy_pass $1;
     }
 
+No Images or Media Loading
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If you are serving media from an S3-compatible store, you may experience an issue where
+nothing loads in the front end. The error logs in your browser may show something like
+the following:
+
+.. code-block:: text
+
+    Content Security Policy: The page's settings blocked the loading of a resource at https://<your-s3-url> ("img-src")
+    Content Security Policy: The page's settings blocked the loading of a resource at https://<your-s3-url> ("media-src")
+
+This happens when your S3 store isn't defined in the ``Content-Security-Policy`` headers
+in your Nginx files. To resolve the issue, add the base URL of your S3 store to the ``img-src``
+and ``media-src`` headers and reload nginx.
+
+.. code-block:: shell
+
+    add_header Content-Security-Policy "...img-src 'self' https://<your-s3-URL> data:;...media-src https://<your-s3-URL> 'self' data:";

From 2f0fe545d06819a8f532bf2ec4705208c30e6bb6 Mon Sep 17 00:00:00 2001
From: Rodrigo Leite <rodrigo@leite.dev>
Date: Mon, 19 Aug 2019 11:19:10 +0200
Subject: [PATCH 3/3] Fix #531: Add dropdown menu to album page

---
 changes/changelog.d/710.add-track-dropdown | 1 +
 front/src/components/audio/track/Row.vue   | 7 +++++++
 front/src/components/audio/track/Table.vue | 3 +++
 front/src/style/_main.scss                 | 5 -----
 4 files changed, 11 insertions(+), 5 deletions(-)
 create mode 100644 changes/changelog.d/710.add-track-dropdown

diff --git a/changes/changelog.d/710.add-track-dropdown b/changes/changelog.d/710.add-track-dropdown
new file mode 100644
index 000000000..b82cf92ea
--- /dev/null
+++ b/changes/changelog.d/710.add-track-dropdown
@@ -0,0 +1 @@
+Add dropdown menu to track table (#531)
diff --git a/front/src/components/audio/track/Row.vue b/front/src/components/audio/track/Row.vue
index 624467f21..1f5b23a6c 100644
--- a/front/src/components/audio/track/Row.vue
+++ b/front/src/components/audio/track/Row.vue
@@ -42,6 +42,13 @@
     </td>
     <td colspan="2" class="align right">
       <track-favorite-icon class="favorite-icon" :track="track"></track-favorite-icon>
+      <play-button
+        class="play-button basic icon"
+        :dropdown-only="true"
+        :is-playable="track.is_playable"
+        :dropdown-icon-classes="['ellipsis', 'vertical', 'large', 'grey']"
+        :track="track"
+      ></play-button>
       <track-playlist-icon
         v-if="$store.state.auth.authenticated"
         :track="track"></track-playlist-icon>
diff --git a/front/src/components/audio/track/Table.vue b/front/src/components/audio/track/Table.vue
index 31327ee3a..390a4e483 100644
--- a/front/src/components/audio/track/Table.vue
+++ b/front/src/components/audio/track/Table.vue
@@ -85,4 +85,7 @@ tr:not(:hover) .favorite-icon:not(.favorited) {
 pre {
   overflow-x: scroll;
 }
+.table-wrapper {
+  overflow: visible;
+}
 </style>
diff --git a/front/src/style/_main.scss b/front/src/style/_main.scss
index 9a2fe1722..3687b6e22 100644
--- a/front/src/style/_main.scss
+++ b/front/src/style/_main.scss
@@ -364,11 +364,6 @@ input + .help {
   margin-top: 0.5em;
 }
 
-.table td .ui.dropdown {
-  min-width: 150px;
-}
-
-
 .tag-list {
   margin-top: 0.5em;
 }